ycz
/
OKR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
OKR/dev-upgrade/elastic/logstash-alert.yaml

185 lines
4.1 KiB
YAML
Raw Permalink Blame History

apiVersion: v1
kind: ConfigMap
metadata:
name: logstash-config-alert
data:
logstash.conf: |-
input {
kafka{
bootstrap_servers => "10.2.0.12:30002,10.2.0.12:30003,10.2.0.12:30004"
topics => ["beaconfire-logback-prod"]
group_id => "logstash-app-alert"
auto_offset_reset => "latest"
codec => json
}
}
filter {
if [tags][json] {
json {
source => "message"
}
}
if [level] == "TRACE" {
drop {}
}
if [level] == "DEBUG" {
drop {}
}
if [level] == "INFO" {
drop {}
}
if [level] == "WARN" {
drop {}
}
if [message] =~ "Fail to parse JWT due to: Jwt expired at" {
drop {}
}
if [message] =~ "Unauthorized access" {
drop {}
}
if [message] =~ "exchange refresh token" {
drop {}
}
if [message] =~ "No sess token provided" {
drop {}
}
if [message] =~ "Servlet.service" {
drop {}
}
if [message] =~ "no data hit with the given appCode" {
drop {}
}
mutate {
split => { "[log][file][path]" => "/" }
add_field => { "env" => "%{[log][file][path][3]}" }
}
mutate {
join => { "[log][file][path]" => "/" }
}
mutate {
gsub => [
"message", "\n", " "
]
}
mutate {
gsub => [
"message", "\t", " "
]
}
mutate {
gsub => [
"message", "\"", " "
]
}
mutate {
gsub => [
"message", "'", "^"
]
}
if [stack_trace] {
mutate {
gsub => [
"stack_trace", "\n", "_"
]
}
mutate {
gsub => [
"stack_trace", "'", "^"
]
}
mutate {
split => { "stack_trace" => "_" }
add_field => { "stackFirst" => "%{[stack_trace][0]}" }
}
}
}
output {
#stdout { codec => json }
# if [stack_trace] {
# file {
# path => "1.json"
# codec => "json_lines"
# }
# }
if [stack_trace] {
exec {
command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{TID}' '%{message}' '%{stackFirst}' "
}
} else {
exec {
command => "/usr/local/bin/log-alert.sh '%{@timestamp}' '%{serviceName}' '%{env}' '%{level}' '%{TID}' '%{message}' '-' "
}
}
}
logstash.yml: |-
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elastic:9200" ]
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: logstash-alert
labels:
app: logstash-alert
spec:
replicas: 1
selector:
matchLabels:
app: logstash-alert
template:
metadata:
labels:
app: logstash-alert
spec:
imagePullSecrets:
- name: deploy-regcred
containers:
- name: logstash-alert
image: beaconfireiic/logstash:7.16.3
imagePullPolicy: Always
ports:
- containerPort: 5044
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1
memory: 1Gi
volumeMounts:
- name: config
mountPath: /usr/share/logstash/pipeline/logstash.conf
subPath: logstash.conf
readOnly: true
- name: config
mountPath: /usr/share/logstash/config/logstash.yml
subPath: logstash.yml
readOnly: true
volumes:
- name: config
configMap:
name: logstash-config-alert
items:
- key: logstash.conf
path: logstash.conf
- key: logstash.yml
path: logstash.yml
---
apiVersion: v1
kind: Service
metadata:
name: logstash-alert
labels:
app: logstash-alert
spec:
ports:
- port: 5044
targetPort: 5044
selector:
app: logstash-alert
type: ClusterIP
Reference in New Issue View Git Blame Copy Permalink